Unable to read value from Azure key vault

Roy, Chandan 0 Reputation points
2023-03-27T11:38:52.0133333+00:00

Hi Team,

I am trying to access a key's value from Azure Key Vault using an Azure Function. I am getting an error while executing client.GetSecretAsync("mykey"). I am using ManagedIdentityCredential(MymanagedIdentityClientId) for authorization.

I am getting the below error:

ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.'

Could you please help.

Regards,

Chandan Roy

Azure Key Vault
Azure Functions

1 answer

  1. Andriy Bilous 10,736 Reputation points MVP
    2023-03-27T14:04:42.5366667+00:00

    Hello @Roy, Chandan

    You can use the below .NET code to authenticate with a system-assigned managed identity:

    using Azure.Identity;
    using Azure.Security.KeyVault.Secrets;
    var credential = new ManagedIdentityCredential();
    var client = new SecretClient(new Uri("https://myvault.vault.azure.net/"), credential);

    To troubleshoot authentication to Azure Key Vault using Managed Identity in your Azure Function, try the following steps:

    1. Ensure Managed Identity is enabled:

       • Go to the Azure portal, and navigate to your Azure Function App.
       • In the left-hand pane, click on "Identity" under the "Settings" section.
       • Make sure "System assigned" or "User assigned" Managed Identity is enabled, depending on your requirement.
       • Note the "Object ID" (System assigned) or "Client ID" (User assigned) for later use.

    2. Grant your Managed Identity access to the Key Vault:

       • Go to the Azure portal and navigate to your Azure Key Vault.
       • In the left-hand pane, click on "Access policies" under the "Settings" section.
       • Click on "+ Add Access Policy" and select the appropriate permissions (e.g., "Secret Management" template).
       • In the "Select principal" field, search for your Managed Identity using the "Object ID" (System assigned) or "Client ID" (User assigned) from step 1.
       • Click "Add", and then click "Save" to apply the changes.

    3. Make sure your function app is running on Azure. Managed Identity authentication only works when the function app is deployed and running on Azure.
       https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?context=%2Fazure%2Factive-directory%2Fmanaged-identities-azure-resources%2Fcontext%2Fmsi-context&tabs=portal%2Cdotnet
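
Added example, not part of the question or the answer above: a C# helper that reads the secret with either a user-assigned or a system-assigned managed identity and maps each failure to the troubleshooting step it points at. The class name and the KEYVAULT_IDENTITY_CLIENT_ID app setting are assumptions made for this sketch; the vault URI and the secret name "mykey" are the placeholders used in the thread.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

public static class KeyVaultSecretReader // hypothetical helper name
{
    // Placeholder vault URI taken from the answer above.
    private static readonly Uri VaultUri = new Uri("https://myvault.vault.azure.net/");

    public static async Task<string> ReadSecretAsync(string secretName = "mykey")
    {
        // App Service / Functions expose IDENTITY_ENDPOINT only when a managed
        // identity is enabled and the code runs in Azure, not on a dev machine.
        if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT")))
            throw new InvalidOperationException(
                "No managed identity endpoint: enable the identity and run in Azure.");

        // Assumed app setting holding the user-assigned identity's client ID.
        // When it is empty, fall back to the system-assigned identity.
        string clientId = Environment.GetEnvironmentVariable("KEYVAULT_IDENTITY_CLIENT_ID");
        var credential = string.IsNullOrEmpty(clientId)
            ? new ManagedIdentityCredential()
            : new ManagedIdentityCredential(clientId);
        var client = new SecretClient(VaultUri, credential);

        try
        {
            KeyVaultSecret secret = await client.GetSecretAsync(secretName);
            return secret.Value; // hand back to the caller; never write it to logs
        }
        catch (CredentialUnavailableException ex)
        {
            // The credential could not reach a usable identity endpoint.
            throw new InvalidOperationException(
                "Managed identity unavailable: check that it is enabled on the app.", ex);
        }
        catch (AuthenticationFailedException ex)
        {
            // The endpoint answered but no token was issued for this identity.
            throw new InvalidOperationException(
                "Token request failed: check the client ID against the assigned identity.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // A token was issued, but the vault refused the identity.
            throw new UnauthorizedAccessException(
                "Key Vault denied access: grant the identity permission to read secrets.", ex);
        }
    }
}
```

CredentialUnavailableException derives from AuthenticationFailedException, so the order of the catch blocks matters.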